HILL: A Hardware Isolation Framework Against Information Leakage on Multi-Tenant FPGA Long-Wires

Abstract

FPGA has recently been deployed in the multi-tenant cloud to provide high-performance computing capabilities. Such deployment of FPGA creates a new attack surface for adversary. It has been recently demonstrated that the capacitive crosstalk between FPGA long-wires can be used as a side-channel to extract secret information. In this paper, we present HILL: a Hardware Isolation framework against information Leakage on multi-tenant FPGA Long-wires. As a defense framework, HILL can prioritize the placement and routing of security-critical hardware instances and isolate them from other parts and tenants. For data and communication interfaces that use FPGA long-wires, such as UART, PCIe, and AXI4, HILL employs a long-wire obfuscation technique to reduce the side-channel leakage. We evaluate the performance of HILL with Xilinx Artix-7 FPGAs using two prevalent FPGA development tools: Xilinx ISE 14.7 and Vivado 2018.3. The experimental results demonstrate that HILL can effectively reduce the crosstalk-caused side-channel leakage by 138 times. The long-wire obfuscation technique reduces the correlation between the side-channel leakage and secret key from 81.7% to 50.3%, which is close to random guess.